TikTok Browser Can Track Users’ Keystrokes, According to New Research

Source: The New York Times    2022-08-22 12:25



        The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.
        The research from Felix Krause, a privacy researcher and former Google engineer, did not show how TikTok used the capability, which is embedded within the in-app browser that pops up when someone clicks an outside link. But Mr. Krause said the development was concerning because it showed TikTok had built in functionality to track users’ online habits if it chose to do so.
        Collecting information on what people type on their phones while visiting outside websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major technology companies might use such trackers as they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, researchers said.
        “Based on Krause’s findings, the way TikTok’s custom in-app browser monitors keystrokes is problematic, as the user might enter their sensitive data such as login credentials on external websites,” said Jane Manchun Wong, an independent software engineer and security researcher who studies apps for new features.
        She said TikTok’s in-app browser could “extract information from the user’s external browsing sessions, which some users find overreaching.”
        In a statement, TikTok, which is owned by the Chinese internet firm ByteDance, said Mr. Krause’s report was “incorrect and misleading” and that the feature was used for “debugging, troubleshooting and performance monitoring.”
        “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code,” TikTok said.
        Mr. Krause, 28, said he was unable to ascertain whether keystrokes were actively being tracked, and whether that data was being sent to TikTok.
        The research could raise questions for TikTok in the United States, where government officials have scrutinized whether the popular app could endanger U.S. national security by sharing information about Americans with China. Although debate in Washington about the app had receded under the Biden administration, new concerns have boiled over in recent months after revelations from BuzzFeed News and other news outlets about TikTok’s data practices and ties to its Chinese parent.
        Apps sometimes use in-app browsers to prevent people from visiting malicious sites or to make online browsing easier with the auto-filling of text. But while Facebook and Instagram can use in-app browsers to track data like what sites a person visited, what they highlighted and which buttons they pressed on a website, TikTok goes further by using code that can track each character entered by users, Mr. Krause said.
        A spokesman for Meta, the parent company for Facebook and Instagram, declined to comment.
        Mr. Krause said he carried out the research on TikTok only on Apple’s iOS operating system and noted that the keystroke tracking would only occur within the in-app browser.
        As with many apps, TikTok offers few chances for people to click away from its service. Instead of redirecting to mobile web browsers like Safari or Chrome, an in-app browser appears when users click on ads or links embedded within the profiles of other users. These are often the moments people enter key information like credit card details or passwords.
        In a CNN interview in July, Michael Beckerman, a TikTok policy executive, denied that the company logs users’ keystrokes but acknowledged monitoring their patterns, such as typing frequency, to safeguard against fraud.
        Mr. Krause said he feared those tools had “very similar architectures” and could be repurposed to track keystroke content.
        “The problem is they have infrastructure set up to do this stuff,” he said.
        
        